Risks of a connected world: Is Bermuda cybersecure?

Those of us who are above a certain age can remember a time in which, apart from the telegraph and telephone, a connection had to made physically in some way; or someone had to go from point A to point B in person. Now, as the late Stephen Hawking said: “We are all now connected by the Internet, like neurons in a giant brain”. This may still be an exaggeration for effect, but it edges ever closer to being the truth.

In a world in which people can be killed remotely by those thousands of miles away, your fridge can tell you that you are out of milk, or your exercise habits can be plotted in real time, the concept of connection has moved from the realm of the metaphysical to an ever-expanding reality.

Undoubtedly, the level and diversity of available connectivity have brought many benefits and enriched lives, and there is clearly no going back. However, a connected world is, in many ways, a more dangerous one, in which scope for creating mayhem increases all the time.

It is “old news” that, for example, power grids can be hacked and disabled; and any government with any foresight (including Bermuda’s) has compiled a list of critical infrastructures and is trying to “harden” it against those with malicious intent. But what if connectivity means that the definition of “critical” is greatly underestimated?

Consider some scenarios.

Autonomous cars become prevalent on the roads, and are convoyed to improve efficient use of road space. But what if the front vehicle, to which all the others are connected, is suddenly seized remotely and stalls? What if the entire network created to enable such traffic management is hacked, and all the autonomous vehicles it controls are disabled, or re-purposed as weapons?

Or imagine that you are the general contractor on a major building site, who has improved your business’s capital efficiency by dispensing with human drivers and operators, and is now using remotely controlled machinery such as excavators, borers and robotic crews. What if the network which controls it all is hacked and the equipment runs amok in a crowded city?

Perhaps you rely, as much of modern life does, on the continuing existence of a reliable GPS network of satellites. What if, rather than being taken out, the system is subtly re-programmed to be slightly “off”. The potential consequences will give a whole new meaning to off-kilter.

Of course, by then you will have all “mod cons” in your home (apart from the seemingly telepathic fridge) –– the electronic access system; the Nest “smart” thermostat; your friend “Alexa”; and that wonderful Roomba. Ironically, the so-called Internet of Things is, in reality, a system of networks and connections. That is what ultimately makes it both powerful and very dangerous.

Next, your hospital is so advanced, with the latest in AI-based diagnostic systems and remote-operated access to the world’s best surgeons. Would you rather have a false positive or a false negative when the system is hacked? Will the theatre nurses realise quickly enough that something is wrong with the surgical procedure under way before you are maimed, disfigured or dead?

Bear in mind that these are all scenarios that one can imagine now, and many, if not most, already carry an inherent threat.

Looking at the issues from a business viewpoint, risk managers are going to have to step up their game when it comes to formulating and evaluating “emerging” risks or threats, many of which will be potentially existential; and, as with existing cyber risks, there is going to be an escalating battle between the black and the white hats- and we should all hope that the white hats and the counter-cyber experts are better and better-resourced than their opponents, many of whom will be state actors, or those backed by states but allowing plausible deniability. If they are not, the consequences will be unpleasant.

Our society is now advanced, complex and inter-connected. In reality, it is not that far from chaos and disorder. What if some malevolent actor persistently hacks into the navigation systems of the container ships which act as Bermuda’s lifeline so that they steam around in circles, unable to deliver essential supplies? Someone would have to mount the Bermuda Airlift, at least for a time. Dystopian, yes. Fantasy? Perhaps. Impossible? No.

We are quite sure that the (re)insurance companies, whose presence underpins much of Bermuda’s economy, are already employing their best minds on understanding the impact of “connectivity” in order, firstly, to assess what is insurable; secondly, how it impacts their existing policy design; and, thirdly, how to design an effective way to map and aggregate the outcomes of a vast range of potential scenarios.

Bermudians are unusually well-adapted to the idea of withstanding natural risks; but are they sufficiently aware of the fact that connectivity brings harm as well as opportunity?